Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/82lGYuyX4bkd9ek_616igXGoFB8.roa
File: 82lGYuyX4bkd9ek_616igXGoFB8.roa (raw, json)
Hash identifier: vE+CURVCJRpum9yHgD9tjF0GEnl7IL2SMoBXWWxGb10=
Subject key identifier: F3:69:46:62:EC:97:E1:B9:1D:F5:E9:3F:EB:5E:A2:81:71:A8:14:1F
Certificate issuer: /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial: 018F735D0166BD2936A49F7FEE0589F5FA7F
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/82lGYuyX4bkd9ek_616igXGoFB8.roa
Signing time: Mon 13 May 2024 19:10:26 +0000
ROA not before: Mon 13 May 2024 19:10:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207429
IP address blocks: 80.253.244.0/24 maxlen: 24
80.253.245.0/24 maxlen: 24
80.253.247.0/24 maxlen: 24
213.142.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:73:5d:01:66:bd:29:36:a4:9f:7f:ee:05:89:f5:fa:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Validity
Not Before: May 13 19:10:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f3694662ec97e1b91df5e93feb5ea28171a8141f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c8:a9:93:42:40:c5:b6:5a:9e:a9:80:12:04:
fa:29:ed:fd:7a:7b:f2:fb:6e:46:4c:2a:e1:86:eb:
71:56:7f:1e:92:c4:23:57:68:2f:6a:47:f3:6f:3d:
6e:d0:a2:0e:da:a8:a4:b5:ff:46:26:e6:03:88:37:
3a:9d:bc:3f:12:3b:51:5a:fc:18:a7:e4:3d:49:ab:
ae:70:af:9e:55:9d:61:df:69:3e:a2:ba:f1:06:82:
f6:94:e7:42:45:ec:e0:8e:a2:1a:74:5f:70:4d:bc:
ba:6d:a8:9e:d4:0c:06:ef:7a:c0:a5:e9:06:0f:79:
91:02:e9:a8:8e:a0:f8:89:ff:f2:ac:09:bf:47:da:
b9:74:59:75:9b:98:da:e7:52:a9:de:ff:90:89:79:
ac:7c:b3:e8:a3:48:c6:fa:73:39:c0:2d:f9:32:2c:
cd:48:98:1f:e8:f8:e6:54:be:03:e0:fe:cd:71:a6:
62:2e:40:61:3f:70:99:78:be:f7:92:ce:e8:c2:04:
e7:2e:36:2e:3a:ad:dd:24:bf:e2:4c:32:9a:7a:a3:
18:ad:fd:48:9c:69:1f:f8:1c:78:cd:6b:38:68:74:
b6:7b:56:e7:af:ed:d9:ce:39:38:32:e5:c7:7b:95:
6e:c5:f0:6b:a3:2e:1a:f5:d6:9b:84:8c:6a:fa:30:
50:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:69:46:62:EC:97:E1:B9:1D:F5:E9:3F:EB:5E:A2:81:71:A8:14:1F
X509v3 Authority Key Identifier:
keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/82lGYuyX4bkd9ek_616igXGoFB8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.253.244.0/23
80.253.247.0/24
213.142.143.0/24
Signature Algorithm: sha256WithRSAEncryption
74:e0:7e:fb:1f:06:49:fe:11:59:24:7b:c5:47:47:4e:ad:ac:
0e:dc:88:48:93:33:95:d5:cc:be:fa:0d:a3:e5:4f:b9:d1:13:
ba:de:8c:de:31:ce:d1:1b:a4:24:8f:5e:39:c6:5a:56:0d:42:
51:cd:71:3f:ce:e0:6c:24:8e:cf:de:fe:f3:c0:13:5e:b6:1f:
51:43:e6:d2:01:2f:ca:36:20:3b:e3:22:1d:18:d5:15:b0:98:
59:b1:57:8e:c0:ea:43:62:f6:ba:7f:eb:33:40:66:78:3a:61:
d3:56:6e:17:b4:c0:57:8a:58:4f:a5:0a:47:fc:a7:1d:04:ec:
5d:20:62:45:f2:82:f1:2d:98:20:2a:97:fe:99:42:a7:e5:30:
bf:2c:fe:f1:ba:8d:9a:53:b1:ac:b8:2a:1d:82:3f:3a:a9:a4:
f1:34:3e:73:e6:54:2b:94:e8:d8:c7:3b:15:b3:5e:50:67:90:
a4:e7:cd:30:17:27:ad:9a:1d:ec:2b:fa:3e:e3:05:4a:4b:bf:
31:d4:90:e0:64:c0:ea:2a:33:03:d2:0b:a3:ea:af:20:ed:6c:
23:67:75:14:b0:45:09:a1:b1:b6:6d:4a:99:c3:62:67:b8:d2:
ca:95:37:b8:f6:13:b1:d7:af:06:3c:5a:8d:4a:bb:ac:bc:03:
1f:32:fd:7b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9zXQFmvSk2pJ9/7gWJ9fp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwNTEzMTkxMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzY5NDY2MmVjOTdlMWI5MWRmNWU5M2ZlYjVlYTI4MTcxYTgxNDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcipk0JAxbZanqmAEgT6Ke39envy
+25GTCrhhutxVn8eksQjV2gvakfzbz1u0KIO2qiktf9GJuYDiDc6nbw/EjtRWvwY
p+Q9SauucK+eVZ1h32k+orrxBoL2lOdCRezgjqIadF9wTby6baie1AwG73rApekG
D3mRAumojqD4if/yrAm/R9q5dFl1m5ja51Kp3v+QiXmsfLPoo0jG+nM5wC35MizN
SJgf6PjmVL4D4P7NcaZiLkBhP3CZeL73ks7owgTnLjYuOq3dJL/iTDKaeqMYrf1I
nGkf+Bx4zWs4aHS2e1bnr+3Zzjk4MuXHe5VuxfBroy4a9dabhIxq+jBQmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPNpRmLsl+G5HfXpP+teooFxqBQfMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvODJsR1l1eVg0YmtkOWVrXzYxNmlnWEdvRkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUP30AwQA
UP33AwQA1Y6PMA0GCSqGSIb3DQEBCwUAA4IBAQB04H77HwZJ/hFZJHvFR0dOrawO
3IhIkzOV1cy++g2j5U+50RO63ozeMc7RG6Qkj145xlpWDUJRzXE/zuBsJI7P3v7z
wBNeth9RQ+bSAS/KNiA74yIdGNUVsJhZsVeOwOpDYva6f+szQGZ4OmHTVm4XtMBX
ilhPpQpH/KcdBOxdIGJF8oLxLZggKpf+mUKn5TC/LP7xuo2aU7GsuCodgj86qaTx
ND5z5lQrlOjYxzsVs15QZ5Ck580wFyetmh3sK/o+4wVKS78x1JDgZMDqKjMD0guj
6q8g7WwjZ3UUsEUJobG2bUqZw2JnuNLKlTe49hOx168GPFqNSrusvAMfMv17
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:24:26 2025 by rpki-client